Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Advanced Package Tool 欺骗攻击漏洞
Vulnerability Description
Advanced Package Tool(APT)是一套基于Debian系统及其派生发行版的强大的包管理工具。该工具可自动下载、配置、安装二进制或源代码格式的软件包。 APT 0.8.16~exp12及之前版本的apt-pkg/acquire-item.cc文件中的‘pkgAcqMetaClearSig::Failed’方法存在安全漏洞。当程序从库中更新InRelease文件时,攻击者可通过阻止用户下载新的InRelease文件利用该漏洞实施中间人攻击,安装任意程序包。
CVSS Information
N/A
Vulnerability Type
N/A